Trojan.Crypt.VB.U
Posted: December 19, 2011
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 79 |
| First Seen: | December 19, 2011 |
| OS(es) Affected: | Windows |
Trojan.Crypt.VB.U is a ransomware Trojan that encrypts a wide range of files on your PC to make them unusable, then offers a decryption tool to restore the files if you're willing to pay a sixty-nine-dollar fee. Unlike some other types of ransomware Trojans, Trojan.Crypt.VB.U actually does follow through with its threats to encrypt your files and does provide a genuine decryption tool; even so, SpywareRemove.com malware experts recommend that you remove Trojan.Crypt.VB.U with a good anti-malware product and avoid paying its ransom fee. Since Trojan.Crypt.VB.U uses a simplistic XOR-based algorithm that can be decrypted by third-party utilities, you should be able to retrieve your files easily once you've deleted Trojan.Crypt.VB.U. Intriguingly, Trojan.Crypt.VB.U does offer a 'trial' remedy that allows you to decrypt up to three files, and although there's no harm in using this trial once your PC has been infected by Trojan.Crypt.VB.U, there's no real reason to spend money on a wholesale decryption solution that you could get your hands on for free.
Trojan.Crypt.VB.U: As Far As 'Demos' Go, More Dangerous Than You'd Expect
Trojan.Crypt.VB.U attacks were first noted in mid-December of 2011, and although Trojan.Crypt.VB.U's distribution method hasn't yet been confirmed, the timing makes distribution through fake Christmas-related scams and hoaxes very likely. Multiple variants of Trojan.Crypt.VB.U have already been identified and exhibit minor differences in behavior: older versions of Trojan.Crypt.VB.U may encrypt more files while newer versions may encrypt files more selectively, and encryption attacks may or may not require a system reboot before they take place. In all cases, however, SpywareRemove.com malware researchers find that Trojan.Crypt.VB.U immediately notifies the victim of its encryption attack by opening a web page.
Rather sneakily, this web page will announce the availability of a decryption product for 'only' $69.00 without telling you that Trojan.Crypt.VB.U is the real cause of the encryption. A link to a free demo will allow you to decrypt up to three files, which lends credibility to the claim that the decryption program really works, and the payment form even accepts the widely used PayPal platform for receiving payments. However, despite these dangling carrots, SpywareRemove.com malware researchers don't recommend using it regardless of its features, even if Trojan.Crypt.VB.U has managed to encrypt and lock you out of a wide range of important files.
Solving the Trojan.Crypt.VB.U Riddle Without Undue Expenses
Although Trojan.Crypt.VB.U's encryption functions are genuine, SpywareRemove.com malware analysts are happy to find that they also use a basic XOR algorithm that reverses file information and adds obfuscating headers. This algorithm can be cracked by freely available decryption products and doesn't cause any harm to the files that are encrypted, so there's little justification for spending money on the product that Trojan.Crypt.VB.U is advertising with such dishonest cunning. However, removing Trojan.Crypt.VB.U is recommended before you try to salvage your files, and without access to a robust anti-malware scanner this can be difficult to achieve, since Trojan.Crypt.VB.U alters the Registry, conceals files in the Windows directory and launches multiple files as soon as Windows boots.
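Why a scheme of this kind is recoverable without the paid tool, as an added example that is not code from this page, from the Trojan, or from any decryption product. The toy scheme below is constructed only to match the one-line description above (content reversed, XORed with a repeating key, junk header prepended); the header length, key and file contents are assumptions, not the Trojan's actual format.

```python
import os
from itertools import cycle

HEADER_LEN = 16  # constructed value: the page gives no header size


def toy_encrypt(plain: bytes, key: bytes) -> bytes:
    """Constructed stand-in scheme: junk header + XOR of the reversed content."""
    body = bytes(b ^ k for b, k in zip(plain[::-1], cycle(key)))
    return os.urandom(HEADER_LEN) + body


def recover_key(known_plain: bytes, cipher: bytes) -> tuple:
    """Derive (header_len, key) from one file that also exists unencrypted.

    The known file must be longer than the key, otherwise only part of
    the key is exposed and the result is incomplete.
    """
    header_len = len(cipher) - len(known_plain)
    if header_len < 0:
        raise ValueError("ciphertext shorter than known plaintext")
    # XOR of ciphertext body and reversed plaintext is the raw keystream.
    stream = bytes(c ^ p for c, p in zip(cipher[header_len:], known_plain[::-1]))
    # The key is the shortest prefix whose repetition reproduces the keystream.
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return header_len, stream[:n]
    raise ValueError("empty keystream")


def decrypt(cipher: bytes, header_len: int, key: bytes) -> bytes:
    """Strip the header, undo the XOR, then undo the reversal."""
    body = cipher[header_len:]
    return bytes(b ^ k for b, k in zip(body, cycle(key)))[::-1]


def demo() -> bytes:
    key = b"constructed-key"  # constructed sample key
    known = b"%PDF-1.4 constructed sample file with an available backup copy"
    victim = b"quarterly report: constructed contents"
    header_len, found = recover_key(known, toy_encrypt(known, key))
    # The key learned from one known file decrypts every other file.
    return decrypt(toy_encrypt(victim, key), header_len, found)


if __name__ == "__main__":
    print(demo())
```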
Safe Mode may allow you to avoid some of Trojan.Crypt.VB.U's attacks long enough for you to launch your choice of anti-malware software; if not, you may need to boot Windows from a USB drive or CD. You should also be watchful for 'Setupp.exe' and 'setupc.exe' in the Processes tab of your Task Manager; these two Trojan.Crypt.VB.U processes will keep each other running and must be terminated simultaneously to deactivate Trojan.Crypt.VB.U. Trojan.Crypt.VB.U will also attempt to conceal file extensions such as '.zip' or '.exe' by altering your Registry, and you should be aware of this and try to avoid launching unfamiliar files until you've removed Trojan.Crypt.VB.U and undone this Registry change.